NIST Defining the Expanding World of Cloud Computing

A working definition for cloud computing—a new computer technique with potential for achieving significant cost savings and information technology agility—has been released by a team of computer security experts at the National Institute of Standards and Technology (NIST). Since the federal government is considering cloud computing as a component of its new technology infrastructure, it is NIST’s role to evaluate it and then promote its effective and secure use within government and industry by providing technical guidance and developing standards.

NIST researchers have just published a working definition of cloud computing, which is a new technology for computing-on-demand that could bring about significant cost savings and more agile information technology.

Credit: Shutterstock; copyright Elnur

The working definition of cloud computing described by NIST is “a pay-per-use model for enabling available, convenient and on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, services) that can be rapidly provisioned and released with minimal management effort or service provider interaction.” The draft working definition also describes five key characteristics, three delivery models and four deployment models.

The NIST cloud computing research team is studying cloud architectures, security and deployment strategies for the federal government. But its first task was to collaborate with industry and government to develop a working definition of cloud computing that will serve as a foundation for its research. The term “cloud computing” comes from the field’s standard use of drawing the Internet as a cloud in diagrams.

Security is always a concern with any new computer approach, and this one is no different. According to cloud research team leader Peter Mell, “Cloud computing has both security advantages and disadvantages. The cloud computing model inherently promotes availability of services through its distributed architecture model. However, this same model presents data confidentiality and integrity challenges by pooling hardware resources for use by multiple parties.”